[IS&T Security-FYI] SFYI Newsletter, November 19, 2012
Monique Yeaton
myeaton at MIT.EDU
Mon Nov 19 17:11:30 EST 2012
In this issue:
1. Skype Fixes Password Reset Mechanism
2. Emails Disguised as Coupons or Deals on the Rise
3. Adobe Copies Microsoft Patch Tuesdays
-----------------------------------------------------------
1. Skype Fixes Password Reset Mechanism
-----------------------------------------------------------
Skype says it has fixed a flaw in its password reset mechanism; the vulnerability has been known for at least two months, but was not addressed until last week. The flaw allowed anyone who knew a Skype user's email address to reset that person's account password. Prior to fixing the problem, Skype disabled the password reset feature.
If you use Skype, you may now want to change your password.
Read the full story in the news<http://www.scmagazine.com/skype-dispatches-swift-fix-for-password-reset-flaw/article/268238/>.
-----------------------------------------------------------------------
2. Emails Disguised as Coupons or Deals on the Rise
-----------------------------------------------------------------------
Be sure to double check that Groupon (www.groupon.com) you received in your email. Spammers are using the popularity of emailed advertisements for group discount deals to send malware.
The rise of malware through fake email advertisements and notifications are on the rise, according to a study released by security firm Kaspersky Lab.
"They are primarily doing so by sending out malicious emails designed to look like official notifications," according to the report. Kaspersky Lab is seeing more and more of this malicious spam. Other types of popular emails disguised as notifications from official sources include letters from hosting services, banking systems, social networks, online stores, and hotel confirmations.
Read the full story in the news<http://news.cnet.com/8301-1009_3-57549342-83/e-mailed-malware-disguised-as-group-coupon-offers-on-the-rise/>.
----------------------------------------------------------
3. Adobe Copies Microsoft Patch Tuesdays
----------------------------------------------------------
Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday.
"Microsoft and Adobe are now officially married," joked Andrew Storms, director of security operations at nCircle Security, a software vendor, in an email. "They started dating when they decided to share the MAPP program," and once Microsoft agreed to embed Flash into Internet Explorer 10, it was "inevitable" that Adobe would begin following Microsoft's patch schedule, he said.
Read the full story in the news<http://www.computerworld.com/s/article/9233747/Adobe_to_fix_Flash_Player_on_Patch_Tuesdays>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20121119/f734fc56/attachment.htm
More information about the ist-security-fyi
mailing list